package com.future.common.config;

import javax.servlet.http.HttpServletRequest;

import com.future.model.SysUser;
import com.future.service.AuthenticationService;
import com.future.service.SysUserService;
import com.jfinal.aop.Aop;
import com.jfinal.kit.StrKit;
import com.jfinal.plugin.druid.IDruidStatViewAuth;

import net.minidev.json.JSONObject;

/**
 * druid监控页面权限控制
 * 
 * @author ThinkPad
 *
 */
public class DruidStatViewAuth implements IDruidStatViewAuth {

	@Override
	public boolean isPermitted(HttpServletRequest request) {
		try {
			String token = request.getHeader("Authorization");
			if (StrKit.isBlank(token)) {
				return false;
			}
			JSONObject result = Aop.get(AuthenticationService.class).parseToken(token);
			String userid = result.getAsString("userid");
			SysUser currentUser = Aop.get(SysUserService.class).findUserById(userid);
			if (currentUser == null) {
				return false;
			}
		} catch (Exception e) {
			return false;
		}
		return true;
	}

}
